Misconfigured database exposes almost 4.3B records

Nearly 4.3 billion records seemingly gathered within the past two years have been inadvertently leaked by an unsecured MongoDB database, reports Cybernews.

Included in the 16.14 TB data trove, which was discovered by SecurityDiscovery.com owner and Cybernews contributor Bob Diachenko, were nine collections of scraped professional and corporate intelligence information, some of which were obtained from LinkedIn profiles.

Almost 2 billion records with names, email addresses, phone numbers, LinkedIn URLs and profile handles, location details, employment information, educational attainment, social media accounts, email confidence scoring, Apollo IDs, and image URLs, have been revealed by a third of the collections, according to researchers, who were uncertain of the database's ownership but noted certain collections to be associated with a lead-generation firm's website. The database has already been secured.

"Large datasets like this one are a prime target for malicious actors, as they act as a strong foundational base for profile enrichment based on other data leaks, enabling malicious actors to craft a large, searchable database of personal data that, after enrichment, could also include passwords, device identifiers, links to other social media, etc," researchers added.